Though Microsoft released a number of security patches in its July 11 update (on formerly-and-still-somewhat-known-as Patch Tuesday), there were a number of out-of-band updates also released on July 27. This update applies specifically to vulnerabilities in Outlook and Office Click-to-Run.

Several of the patches in the late July update fix remote code execution (RCE) vulnerabilities in Outlook 2007, 2010, 2013 and 2016, as well as Office 2010 and 2016 Click-to-Run.

For those keeping score at home, the patched RCE vulnerabilities in question are specifically CVE-2017-8571, CVE-2017-8572, and CVE-2017-8663.

Another day, another update, yes, but we always encourage you to apply these updates as expeditiously as possible. Attackers use these vulnerabilities because they know that, inevitably, not everyone is as up-to-date as they could or should be. Microsoft Office is still a major attack vector, and unfortunately we see attackers targeting Office users all the time. It’s tried and true for them, sadly.

So don’t make an attacker’s job any easier than it needs to be: apply these patches as soon as you can.

Hopefully they’ve fixed the problem with Outlook 2013 where it marks the Naked Security newsletter as SPAM. This has been going on for weeks now, no matter how often I say “No”. Annoying – as I find so much software to be these days.